Systems and methods of secure provenance for distributed transaction databases

ABSTRACT

An electronic resource tracking and storage computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The system includes a storage system, a transceiver, and a processing system. The storage system includes an resource repository and transaction repository that stores submitted blockchain transactions. A new resource issuance request is received, and a new resource is added to the resource repository in response. A new blockchain transaction is generated and published to the blockchain. In correspondence with publishing to the blockchain, the transaction storage is updated with information that makes up the blockchain transaction and some information that was not included as part of the blockchain transaction. The transaction storage is updated when the blockchain is determined to have validated the previously submitted blockchain transaction.

CROSS REFERENCE(S) TO RELATED APPLICATION(S)

This application is a continuation of U.S. patent application Ser. No.15/200,756, now U.S. Pat. No. 10,097,356 issued Oct. 9, 2018 whichclaims benefit of U.S. Patent Application Nos. 62/188,422, filed Jul. 2,2015, and 62/270,560, filed Dec. 21, 2015, the entire contents of eachof which are incorporated herein by reference.

TECHNICAL OVERVIEW

The technology herein relates to distributed transaction databasecomputer systems. More particularly, the technology herein relates tosecure provenance in such systems.

INTRODUCTION

Digital provenance is a discipline of computer science and generallyrelates to the history of digital data stored on a computer system.Electronic data is easily modifiable (e.g., by simply changing an 1 to a0) and there are no inherent mechanisms for providing provenance in suchan environment. In other words, once an electronic record (e.g., such asa medical record) is changed, the previous information is overwrittenwith no inherent ability to undo or interrogate the history of thatdata. Accordingly, someone interested in the provenance of the digitaldata may only see the most recent version of the data, but may not beable to determine what created (or modified) the data, who or what isthe responsible entity for the data, or where/when such creations ofmodifications occurred.

One way to address these shortcomings when digital data is stored is touse, for example, log files that record the changes to the digital data(e.g., a transaction log of a transactional database). However, intraditional implementations there is no guarantee that the log filesthemselves have not been manipulated. This lack of an authenticguarantee can be problematic in certain instances where the chain ofprovenance information is, perhaps, as valuable as the informationitself. Consider a log file that includes a record that Alice accessedconfidential information. This information may be valuable, but only ifthe log information being viewed is not easily modifiable such that theprovenance chain is easily changeable after the fact.

Another issue in digital provenance is ensuring the availability of theprovenance information. This is particularly important in the context ofcomputer science applications and digital data as it is relatively easyto erase digital information without leaving much (if any) trace of theoriginal contents of the data (e.g., by deleting a log file or thelike). Thus, it will be appreciated that there is a technical need tofacilitate increased access to certain types of data (such as provenanceinformation).

Another aspect of provenance is that often times a particular scenarioor application may require that the provenance information or thedigital data associated with the provenance information be confidential.As an example, it may be desirable to show that the changes to a datarecord or the like where authorized, but not reveal which usersauthorized the changed. In another example, it may be desirable to hidethe true owner (or past owners) of particular data file. However, at thesame time, the provenance chain may still be used for verify theauthenticity of a file or data field (e.g., that it has not beentampered with or the changes were authorized). In other words, theprovenance chain may provide information to a third party that detailsthe provenance without relating the exact identity of the past (orcurrent) owners or users associated with the data. Thus, it will beappreciated that there is a technical need to allow entities to verifyprovenance and/or chain of custody without requiring all the pastdetails of that information be available.

These and other problems persist in the discipline of computer scienceand digital data storage. Accordingly, there exists needs in the art tofurther develop techniques of providing secure provenance—particularlyin the context of digital data storage and/or distributed databasecomputer systems.

SUMMARY

One or more of the above problems is solved in certain exampleembodiments by an electronic resource tracking and storage computersystem (computer system). The computer system is adapted or configuredto communicate with distributed blockchain computing system thatincludes multiple computing nodes and a blockchain. The computer systemincludes storage for blockchain participant identifiers, blockchainresource identifiers, and records that correspond to blockchaintransactions. A transceiver is configured to receive electronic datamessages (including a first electronic data message) that includes adigital resource issuance request that is a request to issue a newamount of the resource. When a new request is received, the computersystem is programmed to generate a blockchain transaction from ablockchain resource identifier (e.g., a blockchain address) to at leastone participant identifier (e.g., another blockchain address). Thegenerated transaction also includes a quantity value for this newresource that is to be issued or transferred. The generated blockchaintransaction is digitally signed with at least one private key that isassociated with the a blockchain resource identifier. The blockchaintransaction is then sent to the blockchain for validation thereon. Thecomputer system stores other information that is not part of theblockchain transaction into a database or the like. Once the blockchaintransaction has been validated by the blockchain, the database isupdated to reflect that the blockchain transaction is now part of theblockchain and thus (for practical purposes) immutable.

Accordingly, secure digital provenance is provided for the informationthat is contained in the blockchain transaction because of thecryptographic immutability of the records contained in blockchain. Otherinformation (e.g., that may be confidential in nature) is stored outsideof the blockchain thus securing information that is related to theblockchain transaction that is on the blockchain. Third-parties may beallowed to validate (e.g., audit) the transaction information byreviewing the blockchain transactions. This can be accomplished withoutreviewing the supplementary information that is not stored as part ofthe blockchain. The availability of the records on the blockchain isalso increased because of the distributed nature of the distributedblockchain computing system. Thus, the failure of one node (or thedestruction of records in one location) will not result in loss of thedigital provenance information.

In certain example embodiments, plural different participant identifiersare included as separate outputs for a generated blockchain transaction.Each one of the identifiers is associated with a different participant.This allows multiple transactions (e.g., A->B and A-C) to be recorded inthe same blockchain transaction.

In certain example embodiments, a first process (e.g., an auctionprocess) is started, during which participants submit data transactionrequests to send or receive amounts of the resource that is associatedwith the new digital resource identifier. The first process is closed toreception of data transaction requests from the participants. After thefirst process is closed, a single blockchain transaction that includesinputs that correspond to source participant identifiers and outputsthat correspond to destination participant identifiers is generated. Thesingle blockchain transaction is published to the distributed blockchaincomputing system for validation thereby. Accordingly, an auction processthat involves many different transactions may be represented on theblockchain as one single blockchain transaction.

In certain example embodiments, wherein the outputs to the singleblockchain transaction also include source participant identifiers forunspent amounts of the resource. Accordingly, those source identifierthat are transferring some, but not all, of the resource “held” by themwill receive a remainder.

In certain example embodiments, the generated blockchain transactionincludes a hash value of the additional transaction data. Accordingly,the provenance information that is stored outside of the blockchain(e.g., in a separate database) may be represented on the blockchainwithout including it on the blockchain. This allows the digitalprovenance of the additional information to be secured because the hashvalue of that information will become part of the immutable blockchainrecord.

In certain example embodiments, a blockchain transaction (includingissuance or allocation transactions) is digitally signed by two or moreprivate keys. In certain example embodiments, one of the private keys isheld or maintained by the electronic resource tracking and storagecomputer system.

In certain example embodiments, a resource allocation request isreceived for allocation of at least some of the quantity valueassociated with the previously generated blockchain transaction toanother participant identifier. A second blockchain transaction isgenerated using, as an input, output data from a previously generatedblockchain transaction. The output of the second blockchain transactionincludes the value of at least some of the quantity value that is to beallocated to the another participant identifier. The generated secondblockchain transaction is published to the blockchain and a transactionrepository of the electronic resource tracking and storage computersystem is updated with a record for the second blockchain transaction.The record includes additional transaction data that was not included inthe second generated blockchain transaction. Accordingly, allocation ofresources (such as private assets) is recorded to the blockchain.Further, chain of custody is ensured from the initial issuance to thisfurther allocation as an auditor or other third party will be able toverify that the amount of resources (assets) associated with thetransaction originated from the initial issuance.

In certain example embodiments, the blockchain is maintained on aprivate computer system such that only those users or computers that areauthorized to interact with the blockchain may perform blockchainfunctionality (this includes the electronic resource tracking andstorage computer system and blockchain nodes that are controlled by asingle entity). In certain instances, third parties may be provided withread-only access to the blockchain. This may advantageously allow thirdparties to directly access the secure digital provenance informationthat is stored as part of the blockchain.

Certain example embodiments also relate to a method for operating anelectronic resource tracking and storage computer system as describedabove, as well as computer program instructions that are embodied on anon-transitory storage medium.

The features described herein may be combined to form additionalembodiments and sub-elements of certain embodiments may form yet furtherembodiments. This summary is provided to introduce a selection ofconcepts that are further described below in the detailed description.This summary is intended neither to identify key features or essentialfeatures of the claimed subject matter, nor to be used to limit thescope of the claimed subject matter; rather, this summary is intended toprovide an overview of the subject matter described in this document.Accordingly, it will be appreciated that the above-described featuresare merely examples, and that other features, aspects, and advantages ofthe subject matter described herein will become apparent from thefollowing detailed description, figures, and claims.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features and advantages will be better and morecompletely understood by referring to the following detailed descriptionof example non-limiting illustrative embodiments in conjunction with thedrawings of which:

FIG. 1 illustrates a non-limiting example function block diagram of adigital asset repository computer system that interfaces with ablockchain according to certain example embodiments;

FIG. 2A illustrates example digital transactions that occur in a digitalasset repository computer system to issue assets in a digital form thatis recorded on a blockchain according to certain example embodiments;

FIG. 2B shows an example process for issuing digitally based assets onthe system shown in FIG. 1;

FIG. 2C shows example transactions that occur in relation to issuingdigital assets according to certain example embodiments;

FIG. 3A shows an example process for transferring digitally based assetson the system shown in FIG. 1;

FIGS. 3B and 3C show example transactions that occur in relation totransferring digital assets between participants according to certainexample embodiments;

FIG. 4 shows an example process for registering participants that arethen allowed to interact with certain digitally based assets via theexample system shown in FIG. 1;

FIG. 5 is a non-limiting example function block diagram of a centralizedcomputer system that interfaces with a blockchain according to certainexample embodiments;

FIG. 6 is signaling diagram for an example blockchain transactionperformed between an issuer on the blockchain, a contract on theblockchain, and an investor on the blockchain;

FIGS. 7A-7H are example screen shots of user interfaces that show howblockchain transactions and their associated data may be displayed forconsumption by a user according to certain example embodiments; and

FIG. 8 is an example computer system according to certain exampleembodiments.

DETAILED DESCRIPTION

In the following description, for purposes of explanation andnon-limitation, specific details are set forth, such as particularnodes, functional entities, techniques, protocols, etc. in order toprovide an understanding of the described technology. It will beapparent to one skilled in the art that other embodiments may bepracticed apart from the specific details described below. In otherinstances, detailed descriptions of well-known methods, devices,techniques, etc. are omitted so as not to obscure the description withunnecessary detail.

Sections are used in this Detailed Description solely in order to orientthe reader as to the general subject matter of each section; as will beseen below, the description of many features spans multiple sections,and headings should not be read as affecting the meaning of thedescription included in any section.

Overview

In certain example embodiments, a computer system interfaces with ablockchain and provides secure provenance and chain-of-custodyinformation for transactions that are recorded thereon. The computersystem stores additional information related to transactionsincorporated to the blockchain and also tracks whether or not theblockchain transaction has been validated.

Blockchain technology (sometimes simply referred to as a blockchain) isa relatively new type of database technology. An example implementationand corresponding blockchain techniques are described in a 2008 articleby Satoshi Nakamoto titled “Bitcoin: A Peer-to-Peer Electronic CashSystem,” the entire contents of which are hereby incorporated byreference. A blockchain is a distributed database system (sometimescalled a public ledger) that records transactions between a sourceidentifier and a destination identifier. These identifiers are createdthrough cryptography such as, for example, public key cryptography. Forexample, a user may create a destination identifier based on a privatekey. The relationship between the private key and the destinationidentifier provides a “proof” that the user is associated with the“output” from a corresponding “transaction.” The decentralized nature ofthe block chain can also be advantageous because no one node or systemis the effective holder of what is “correct.” Instead, the decentralizedsystem as a whole determines what is “correct” using mathematicaltechniques.

In certain example embodiments, a computer system is configured tocommunicate with a distributed blockchain computing system that includesmultiple computing nodes. In certain example embodiments, the computersystem and the blockchain act as a private certificate depository. Thecomputer system stores (1) identifiers and/or private key informationfor participants of the computer system, (2) digital asset identifiersthat are used to represent assets on the blockchain, and (3) blockchaintransaction records. When a new blockchain transaction is submitted tothe distributed blockchain computing system, the computer system waitsto determine that the submitted new blockchain transaction has beenvalidated. Once the new blockchain transaction has been validated, thenthe computer system updates a record of that blockchain transaction thatis stored with the computer system. The record that is stored with thecomputer system includes information that is not included or part of theblockchain transaction that is validated by the distributed blockchaincomputing system.

FIG. 1 illustrates a non-limiting example function block diagram of adigital asset repository computer system that interfaces with ablockchain according to certain example embodiments. FIGS. 2A-2C show ordigital assets are issued using the system shown in FIG. 1. FIGS. 3A-3Cshow examples of how digital assets are transferred using the systemshown in FIG. 1. FIG. 4 shows an example process for registeringparticipants with the example computer system shown in FIG. 1. FIG. 5 isa non-limiting example function block diagram of a computer system thatmay be used to implement the features in FIGS. 1-4 and 6-8. FIG. 6 issignaling diagram that shows an example blockchain transaction beingperformed between an issuer and investor for a contract on theblockchain. FIGS. 7A-7H are example screen shots of a user interfaceused to visually show participants aspects of the computer system thatinterfaces with the blockchain. FIG. 8 is an example computer systemthat may be used as a node that is part of the blockchain or as thedigital asset repository computer system.

Certain example embodiments provide a digital asset repository computersystem for buyers and sellers to connect and trade privately issuedassets. Privately issued assets may be assets of various security types.This may include, for example, equity or debt interests of privatecompanies, private commercial enterprises, limited liability companies,partnerships, and other corporate entities whose privately issued assets(which include shares, stock, membership units, membership interests,partnership interests, etc.) are not traded via a public exchange orstock market. In certain example embodiments, private companies, LimitedLiability Companies (LLCs), partnerships, and other business entities(collectively referred to in this disclosure as “private companies”) mayparticipate in secondary sales of their privately issued assets, have atleast partial control over the manner in which such privately issuedassets are traded, have at least partial control over who can selland/or buy, set transaction-specific and/or user-specific limitations,and the like.

FIG. 1

FIG. 1 illustrates a non-limiting example function block diagram of acomputer-implemented digital asset repository computer system (alsoreferred to herein as a digital resource repository computer system) 600that interfaces with blockchain 618 according to certain exampleembodiments. The digital asset repository computer system 600 mayinclude a combination of software and hardware interfaces, programmedbusiness logic, processing resources, and electronically addressablestorage. The digital asset repository computer system 600 is responsiblefor tracking and executing computer programs for the purpose ofmaintaining an accurate digital ledger of asset ownership.

Digital asset repository computer system 600 references or includesrecords or data for users, participants, digital assets, and blockchaintransactions. Participants are identifiable entities (e.g., that areunique) that can be assigned ownership of a digital asset that is alsotracked by the system. For example, a company that is issuing onemillion shares may be a participant within the system. Users can beuniquely identifiable entities that have permissions to view, update,and/or control information within the system. In certain instances, auser and participant may be the same or different. For example, in thecase of a company, the company may have multiple authorized users thatinteract with the system on behalf of the company. In another example,an investor may be both a participant and a user in the system.

Digital assets (also referred to as resources herein) are alsoidentifiable entities (e.g., that are unique) that can be tracked,managed, and verified by the computer system 600. For example, when acompany first issues shares of class A stock, the class A stock for thatcompany will be one asset tracked by the system.

FIG. 7A shows an example screen shot of a user interface that showsdifferent resources that have been created for one company. The threedifferent resources for this company are “seed,” “series A,” and “seriesB.” These are all unique resources that are tracked by the computersystem 600 and, as described in greater detail below, incorporated aspart of generated and validated blockchain transactions.

Transactions for privately issued assets are digital transactions thathave been submitted and/or validated by a corresponding blockchain(e.g., a public and distributed digital ledger) 618.

The blockchain 618 is maintained, stored, and updated, by multipledifferent computer nodes that each operate to “mine” and therebyvalidate transactions submitted to the blockchain 618. Generally, onlyone of the nodes needs to “receive” a transaction that has beensubmitted from a client (e.g., the computer system 600). Once one nodereceives a transaction it may propagate the transaction to other nodeswithin the distributed computer system that provides the blockchain 618.In certain examples, different entities may control different ones ofthe computer nodes that are responsible for maintaining the blockchain.For example, the issuer of an asset may have one node, an auditor mayhave another node, a regulator (e.g., the SEC) may have another node,the entity that controls the computer system 600 may supply blockgenerator nodes (e.g., that are dedicated to performing thecryptographic calculations of the blockchain).

In certain example embodiments, the blockchain may be a privateblockchain implementation (e.g., where only authorized parties areallowed to read and/or write to the blockchain). In certain exampleembodiments, the blockchain 618 may include nodes used for issuingassets (resources) and nodes that are used for transacting or movingassets/resources between participant identifiers of the blockchain 618.

Issuer nodes may each hold one or more private keys and be responsiblefor creating new assets associated with a specific asset type. Incertain examples, each node has one private key used for creating and/ordigitally signing assets that are to be created by that node (e.g.,multiple asset types may be digitally signed or created with the samekey). In other examples, each asset has its own unique private key. Incertain examples, there is one issuer node per asset type and the issuernodes on the blockchain may be virtual machines (e.g., such thatmultiple virtual machines may be executed on one computer system).

Another type of node that is part of or interacts with the blockchain618 may be a manager or transacting node that is used to move assetsfrom one participant (e.g. the issuing company) to another participant(e.g., an investor). To allocate shares from, for example, a company toan investor, an allocation blockchain transaction is generated with aninput from the issuer address (e.g., the identifier of the company that“holds” the shares). This type of transaction is generated by a manageror transacting node. This transaction is then digitally signed by aprivate key held by the manager node. In certain examples, each managernode has a corresponding private key that is used to digitally sign suchallocation transactions (e.g., between participants). Once thetransaction is generated, submitted, and validated by the blockchain,then the quantity that is included with the transaction is effectively“held” by the participant identifier that received the transaction (e.g.as an unspent output).

Each transaction (or a block of transactions) is incorporated orincluded into the blockchain 618 via a proof-of-work mining process. Themining process may involve solving a computationally difficult problemthat is also easy to verify. For example, each node may attempt to“mine” a solution to the hash of a block or a transaction. Hashes (alsoreferred to herein as “hash functions,” “cryptographic hash functions,”and the like) include functions that map an initial input data set to anoutput data set. The output from a hash function may be referred toherein as a “hash identifier,” “hash value,” “hash data set,” or simply,a “hash”). Generally, the output values from a given hash function havethe same fixed length. Generally, if the same hash function is used onthe same input data it will result in the same output data value. Withsome hash functions (including those used in the context of blockchaintechniques and/or the subject matter of this application) the inputvalue is computationally difficult to determine when only the outputvalue is known. In certain examples, the input value for the hashfunction is supplemented with some additional random data. For example,an input value of “blockchain” for a hash function may include additionrandom data such as three random characters. Accordingly, the data valuethat is hashed may be “blockchaina5h” instead of simply “blockchain.”The additional random data is sometimes called a “nonce.”

In order to validate a new block into the blockchain, the proof of workprocess (or hash operation process) that is performed may includefinding an input hash value (i.e., the block) that results in an outputhash value that meets a given condition. As the data related to theblockchain transactions in the block are fixed, miners (e.g., nodes onthe blockchain) modify the nonce value that is included as part of theblock being validated until the output value of the hash function meetsthe given condition. For example, a target output value may have 5 zerosas the first four numbers of the hash. This is a problem that may becomputationally difficult to determine, yet relatively easy to verify.Each node that is part of the distributed computer system may also keepa copy or a portion of the blockchain 618 in storage (e.g., on disk orin RAM) that is local to the corresponding node.

The blockchain 618 may thus provide secure data provenance,immutability, protection from double-spend problems, and distributedrecord keeping (e.g., may different entities may have nodes that arepart of the distributed system that maintains the blockchain).

Digital asset repository computer system 600 includes computer processor(processor) 608 that executes or runs the micro-services applicationprogramming interface (API) 610 and user interface 612 (e.g., thatgenerates and provides web pages or other user interface elements thatmay be rendered into the screens of FIGS. 7A-7H that may be shown on auser device, such as 614A and 614B). The processor 608 also runsblockchain services 616. Blockchain services 616 may includefunctionality to both send and receive blockchain related transactionsand events. For example, a transaction may be submitted to theblockchain 618 for validation. In addition, a validated transaction maybe detected or received at the digital asset repository computer system600 via blockchain services 616. It will be appreciated that processor608 may be one or more processors. In certain examples, processor 608represents a distributed computing system.

Micro-services API 610 is an application programming interface thatallows machine readable data retrieval and interaction with digitalasset repository computer system 600 by external computing sources. Suchinteraction may be performed via web services or a messaging basedprotocol that allows an administrator on computing device 614B (e.g., amobile device, a PC, a tablet, etc . . . ) to interface with digitalasset repository computer system 600. For example, the micro-servicesAPI may provide a data stream that indicates when transactions have beensubmitted to the blockchain, when they have been validated, etc . . . .In certain examples, micro-services API 610 may be used to modify, add,or delete, information regarding assets, transactions, users, orparticipants. In certain example embodiments, the micro-services API 610may provide the data that is used to render screen shots 7A-7H.

User interface 612 allows a user, via user device 614A, to view, update,and/or control the digital ledger through pre-programmed actions. Userscan view the digital ledger (an example of a digital ledger is shown inFIG. 7B, where a user is presented with the screen that shows thetransactions for a given resource or asset), which represents ownershiprecords for assets defined in asset storage 604, and interact with thedata contained therein through a set of pre-programmed actions. A fullyauditable record of every interaction with the ledger may be created andstored for subsequent review. In certain examples, the user interface612 may be in the form of a web page or dedicated client application(e.g., as shown in connection with the screenshots of FIGS. 7A-7H).

Digital asset repository computer system 600 includes at least threedata repositories. These three repositories may be included as part of asingle database (e.g., a relational database), may be separatedatabases, or may be stored by using other techniques (e.g., a flatfile, or other data structure). In certain examples, the storagerepositories of the digital asset repository computer system 600 arelocated in-memory and/or on separate logical or physical devices.

Participant storage 602 includes records of all participants that canown or otherwise interact with resources defined within the system.Participant storage 602 may include public keys, private keys, andblockchain addresses or participant identifiers (e.g., derived by usinga one-way hash of a public key) associated with the participant andthese may be used for tracking blockchain transactions made by thatparticipant. In certain examples, one or more of the elements may besaved (e.g., private keys used to digitally sign transactions can besaved in an encrypted state). In certain example embodiments, theparticipants (e.g., a computing system controlled or maintained by thoseparticipants) can manage their corresponding private keys separatelyfrom the digital asset repository computer system 600. Thus, whendigital asset repository computer system 600 interacts with a blockchainto create a blockchain transaction that is to be digitally signed bythat participant, the computing system controlled by the participant maysupply the private key and/or may digitally sign the transaction andtransmit the digitally signed transaction back to the digital assetrepository computer system 600 for subsequent submission to theblockchain 618 for verification. In certain examples, the participantstorage 602 includes a digital wallet for each of the respectiveparticipant.

In certain examples, the private keys for each participant aredifferent. Alternatively, the private keys for each participant may beshared. For example, if a private blockchain used as blockchain 618,then the entity controlling the blockchain may use the same private keyfor all participant identifiers. Accordingly, when a blockchaintransaction from A to B may be digitally signed using the same privatekey as is used for a blockchain transaction from B to C.

A digital wallet is software and hardware (or specifically designedhardware) that allows a participant or user to generate and/or digitallysign blockchain transactions. The digital wallet can include a privatekey (e.g., that is known to the participant or user that the digitalwallet is associated with) and a series of identifiers (sometimes calldigital wallet identifiers, walletlDs, blockchain identifiers, etc . . .) that have been generated based on the private key. These identifiersare used to allow other users to “send” blockchain transactions, whichare recorded on the blockchain, to that identifier. Software associatedwith the digital wallet (e.g., via blockchain services 616) may then beused to query the blockchain to determine what unspent transactions(e.g., those transaction outputs not used as input for anothertransaction) are associated with the identifiers that are in the digitalwallet. Such software may then present a holistic view of what is“owned” by the holder of the digital wallet. For example, one hundreddifferent transactions of 1 share of a company on the blockchain (eachassociated with a different identifier) may be identified and thenpresented as 100 shares of the company. Thus, the identifiers that arestored in participant storage or a corresponding digital wallet may betransparent from the perspective of the user.

Asset storage 604 (sometimes also referred to as resource storage)includes records of all of the assets or resources tracked by digitalasset repository computer system 600. For example, each class of shareissued by a company may be a separate resource record in asset storage604. An asset or resource record may include the participant identifier(e.g., for a corresponding company) that the asset is associated with, aunique identifier that is used to uniquely identify the asset on theblockchain (e.g., which may be, for example, a 160 bit hash value of apublic key associated with the asset), a public key that may be used togenerate the unique identifier, a private key that may be used togenerate the public key (e.g., via elliptical curve cryptography or thelike), attributes that define the type of asset (e.g., asset type, classof shares, specific issuance), a number of shares that have been issuedfor this asset type, when the asset was created, etc . . . .

Ledger storage 606, in conjunction with blockchain services 616,interfaces with the blockchain 618 to store records of validated (orto-be-validated) blockchain transactions. A record in ledger storage 606may include source and destination identifiers that are mapped back torespective participants (e.g., stored in participant storage 602), ablockchain transaction ID, the unique identifier for the asset, an assettransaction quantity, a transaction date (e.g., when the transaction wassubmitted to the blockchain), a validation date (e.g., when thistransaction was ultimately validated by the blockchain), a price pershare, and/or a price of the asset transaction, etc . . . .

FIG. 2A illustrates example digital transactions that occur in acomputer-implemented digital asset repository system when a resource orasset is first issued by the system 600. In certain examples, as aprerequisite to “issuing” new shares, if Company A is not alreadycreated, then it is created as a new company and added to participantstorage 602 (see FIG. 4).

If this is the first time shares of a specific asset are being issued, anew asset type will be created in correspondence with this transaction.This may include creating new private and public keys, and a uniqueasset identifier for that newly created asset. Thus, for example, a newblockchain address and corresponding private and public keys may becreated. This newly created data may be saved along with the assetdefinition (e.g., class of share, quantity to be issued, etc . . . ) inasset storage 604.

FIGS. 2A-2C

In certain example embodiments, and as shown in FIG. 2A, creating a newasset may also involve an initial blockchain transaction “to” the uniqueidentifier for the asset in the form of an amount of cryptographiccurrency. For example, a blockchain transaction that moves an amount ofbitcoin (or other cryptographic currency) from the digital walletassociated with the digital asset repository computer system 600 (e.g.,a unique identifier for that digital wallet)

As shown in FIG. 2A, after creation of the asset and its correspondingdata, then a blockchain transaction 701 is generated to initializeand/or enable “asset” 708 to issue new shares. Blockchain transaction701 thus “sends” an amount of crypto-currency from the unique identifierassociated with the private exchange 700 to the unique identifier thatwas created for the asset 708. This transaction 701 includes the publickey of the private exchange 700 and is digitally signed by the privatekey of the private exchange 701 (e.g., as with a normal blockchaintransaction). As a result of blockchain transaction 701, an amount ofcrypto-currency (e.g., satoshis in a bitcoin example) is associated withthe unique identifier of the asset (e.g., as an unspent output). Theasset, by using its associated private key, may then “issue” a quantityof the newly created asset by having the crypto-currency amount “carry”(e.g., as a colored coin or the like) the asset as part of theblockchain transaction. In certain example embodiments, transaction 701may be added to the ledger store 606. However, in other embodiments itis not added to the ledger store 606 because this transaction does notmove the asset from one entity or participant (e.g., the uniqueidentifiers associated with that entity) to another.

Once there is an unspent amount of crypto-currency associated with asset708, it may then “issue” shares of the asset and have transactions ofthe issuance verified by the blockchain (e.g., as originating from theasset 708)

Thus, transaction 702 may be generated for 500 shares and represents thecreation of shares that can be subsequently distributed to investorsfrom company A 703. Transaction 702 is a blockchain transaction that isfrom the unique identifier associated with the asset to the uniqueidentifier associated with Company A 703. Transaction 702 also includesthe public key of asset 708 and is digitally signed using the privatekey of both the asset 708 and private exchange 700. Transaction 702 maythen be submitted to the blockchain, verified, and also added to ledgerstorage 606.

Subsequent distributions to participants 1 and 2 are made in the form ofblockchain transactions 706A and 706B to the unique identifiers (e.g., ablockchain address) 705 and 707 that are respectively associated withthose participants. These transactions (which may be a singleone-to-many blockchain transaction) are digitally signed by the privatekey of Company A and submitted to the blockchain and recorded in ledgerstorage 606.

Other example techniques may be used in combination with (oralternatively to), the issuance process described in connection withFIG. 7A. For example, transaction 701 and 702 may be one transactionthat is generated to the identifier 703 associated with company A (e.g.,which may be similar to a coinbase transaction in a conventional bitcoinimplementation).

A constructed issuance transaction may take an asset identifier as aninput and have, as outputs, the asset identifier, an amount of theasset, participant identifier (e.g., a blockchain address). In certainexamples, a script address may also be provided (e.g., that specifies ahash of an unlocking script).

In certain examples, each transaction may be effectively digitallysigned by the multiple private keys (or requires the digitally signatureof multiple keys). For example, one private key (or a collection orprivate keys) may be associated with the issuer and/or manager nodesdiscussed herein. Alternatively, a key may be controlled by the entitythat controls or manages the blockchain 618. Another key may beassociated with, for example, the entity that controls computing system600. And a third key may be held in escrow. Every transaction on theblockchain may be digitally signed by or require 2 out of 3 of thesekeys in order to unencumber the transactions. Accordingly, for example,if the key associated with computer system 600 is lost, the escrow keyand the blockchain key may be used to still spend unspent blockchaintransaction outputs.

Thus, T1, T2 (or T1T2 if these are one transaction), T3, and T4 can bedigitally signed by and/or require two different private keys that arerespectively held by different computer systems and/or entities. The 2key requirement can help ensure that there is agreement when atransaction (such as a share allocation) should be generated andvalidated.

FIG. 7B illustrates an example user interface that shows a transactionfrom Garak and Letta to Weyoun and Dukat. This may show the fulltimeline of a given resource, asset, or equity that is being transferredamong the listed participants. This allows auditors or other 3rd partiesto more readily grasp the transactions that have occurred. As discussedherein, this may be particularly advantageous in areas (such as privateequity offerings) that have had more ad-hoc to recording such transfers.

Initially, Garak and Leeta both had 500 k of a “seed” type of an asset(e.g., that is a separate asset type that series A or series B). Theblockchain transaction that is generated has both the quantity of Garakand Leeta as inputs to the blockchain transaction and quantity toWeyoun, Dukat, Garak, and Leeta as outputs to the transaction. This is amany-to-many blockchain transaction. Another one-to-many transaction isshown from Michael Eddington to Damar with Michael providing the inputand outputs associated with both Michael (e.g., the remainder) andDamar.

In certain example embodiments, many-to-many transactions may be used inconjunction with an auction process that may be performed by thecomputer system 600. FIG. 7C shows an example view of an in-progressauction that has 3 buyers and 11 sellers. Here the positions or holdingsof each of the individuals can be validated against the blockchain toensure that both buyers and sellers have what they are putting into theauction. In the case of buyers, this could be in the form of verifyingthat an appropriate amount of money is available. This could berepresented through a digital token issued by an escrow or transferagent that is holding the money. Conversely, the positions offered bythe sellers can be verified against the current blockchain transactionrecords (e.g., that Odo does in-fact have enough quantity to offer thelisted amount)

At the conclusion of the auction (e.g., when the auction is executed), atransaction price for the auction will be determined. The transactionsto carried out as a result of the auction may be included in one singleblockchain transaction (e.g., from the 11 participants to the 3 buyers).Such a many-to-many blockchain transaction may be visually presented tousers (e.g., on a corresponding user device) as shown in FIG. 7D.

FIG. 7D indicates, for example, that William Ross has completely zeroedout his initial position of 17.5 k as there is no remainder associatedwith him after the transaction is executed. Conversely, Blackgem Inc.now has a position of 337.7 k. Other participants have reduced theirpositions. FIG. 7E shows another user interface screen shot thatillustrates all of the parties that participated in this many-to-manytransaction. This shows the old positions (on the left) and the newpositions (on the right). This type of user interface screen may allowusers to track the chain-of-custody of an asset as it has moved betweendifferent participants.

In certain example embodiments, the transactions (e.g., from Company Ato another participant) may be digitally signed by a private key that iscentrally controlled and associated with computer system 600. In otherwords, assets may be moved from the address associated with a company(or the system, the asset, or other participants) to another addresswith a transaction that is digitally signed by a private key/public keycombination that is associated with computer system 600. Indeed, varioustypes of cryptographic access to the assets may be employed according tothe embodiments described herein including multi-signature embodimentswhere a participant and the system 600 (or participant and company) bothdigitally sign a transaction.

FIG. 2B shows an example process for issuing digitally based assets onthe system shown in FIG. 1 and FIG. 2C shows example transactions thatoccur in relation to issuing digital assets according to certain exampleembodiments.

In S10, a user or system administrator with sufficient permission to acton behalf of a participant (e.g., Company A) provides user input to userdevice 614A or 614B, the user input indicating that a new asset forparticipant should be issued. In response to this user input, the userdevice 614A or 614B sends an electronic message to the digital assetrepository computer system 600. The electronic message includes adigital resource issuance request that a new asset for the participantis to be issued. The electronic message is received by a transceiver ofthe digital asset repository computer system 600 and is passed to theuser interface 612 or micro-services interface 610 for processing.

In S12 and as part of the processing, the contents of the electronicmessage are extracted and mapped to a command (or set of commands) thatcorresponds to the request included in the message (e.g., a request tocreate and issue a new asset). The corresponding command(s) may then beautomatically executed by the processor 608 of the digital assetrepository computer system 600.

As part of the executing commands, in S14, the processor 608 identifiesthe participant that is to be associated with the asset issuancetransaction. For example, a private key, public key, and/or uniqueidentifier for the participant may be retrieved and used for formulateblockchain transaction that is subsequently created. In certainexamples, a new unique identifier and/or public key may be created forthis particular transaction and be associated with the blockchaindigital wallet of the participant. This new information may be derivedby using the private key that is associated with the participant. Thus,a participant may be associated with multiple different public keysand/or unique identifiers (e.g., blockchain addresses).

In S16, processor 608 creates a new private key that will be used tosign any subsequent issuances of this asset. A public key based on theprivate key (e.g., a hash thereof) may also be created. The public keymay also be hashed to generate the unique identifier (e.g., a blockchainor bitcoin address) that uniquely identifies the asset in the digitalasset repository computer system 600 and on the blockchain 616. Thenewly created private and public key, unique identifier, and otherassociated information (e.g., asset type, number of shares to be issued,date of issuance, and/or other data that can vary based on the type ofasset being issued) will be stored in asset storage 604. The private keyfor the asset ensures that no other entity will be able to duplicate theasset that has been created by the digital asset repository computersystem 600 and issue blockchain transactions that include that asset. Incertain examples, this assurance is accomplished because all assets fora particular asset must originate from the blockchain address (theunique identifier that is based upon the private key for that asset)associated with that same asset. The initial blockchain transactionincludes the public key of the asset and is signed by the private key ofthe asset. Thus, a blockchain transaction is created from the uniqueidentifier of the asset to another identifier (e.g., associated with aparticipant). This cryptographic process ensures that only an entity orsystem (e.g., digital asset repository computer system 600) thatcontrols the private key associated with the asset can issue additionalquantity of that asset.

In certain examples, a participant may not wish to create a new asset,but may rather wish to expand an existing asset that is already definedwithin the digital asset repository computer system 600. For example,company A 703 in FIG. 2A initially issued 500 shares and now wishes toissue 500 additional shares. Thus, data that indicates the asset (e.g.,the unique identifier for asset 708) may be part of an initialelectronic data message that is sent from a user device 614A to thedigital asset repository computer system 600. This information may thenbe used to retrieve the private key for the digital asset and thusgenerate a new blockchain transaction (which includes the public key ofthe asset and is signed by the private key of the asset) that is “from”the unique identifier associated with the asset to the unique identifierassociated with the participant that is issuing the asset (e.g., thecompany). In correspondence with generation of the new blockchaintransaction, the digital asset repository computer system 600 may updatethe corresponding asset record included in asset storage 604 (e.g., byadding or subtracting quantity). Alternatively, a new entry (e.g., a newdatabase record) may be created that indicates that particulars of thisspecific asset issuance.

In any event, in S18, a new blockchain transaction is created andsubmitted to the blockchain to record the issuance of the new shares tothe participant. In certain example embodiments, the shares will beissued from the unique identifier of the asset to the unique identifierof the participant (e.g., its digital wallet). Alternatively, theblockchain transaction from the unique identifier associated with theentity that operates the digital asset repository computer system 600(e.g., 700 in FIG. 2A) to the unique identifier of the participant(e.g., 703 in FIG. 2A).

More specifically, the processor 608 can be programmed to create ablockchain transaction made up of multiple inputs and outputs (such asthe transaction shown in FIG. 7B). Generally, inputs can be the unspentoutputs associated with a public address (a unique identifier)—which canbe a participant identifier or the identifier for the asset. Atransaction can be a combination of unspent outputs and new outputs thatare directed to new public addresses (e.g., the address that thetransaction is being “sent” to). The transaction that is being sent isalso “signed” using the private key associated with the address wherethe inputs are coming from (e.g., the participant identifier for whichthe assets in question are associated with on the blockchain).

Thus, in the case of an issuance transaction (e.g., transaction 702 inFIG. 2A) the private key created with the asset is used to sign thetransaction. In the case of a regular transaction (e.g., 706A and 706Bin FIG. 2A) the hash of the private key corresponding to participant forwhich the asset is being transferred from will be used to sign theblockchain transaction. In certain examples, the process may be similarto the creation and submission of a blockchain transaction to theblockchain described in FIG. 2 of U.S. Patent Application No.62/270,560. In certain examples, the quantity associated with thetransaction is also included in the newly created blockchaintransaction. In certain examples, the blockchain transaction includes(e.g., as an input) an assetlD (e.g., the unique identifier for theasset) that is generated from the private key that uniquely identifiesthe asset. This assetlD is then appended or added to the blockchaintransaction.

Referring to FIG. 2C, a blockchain transaction may be created based on acombination of the information represented in fields 709 and 710. Thecreated blockchain transaction is submitted, through blockchain services616, to the blockchain 618 for validation by blockchain computing nodesthat digitally “mine” the transaction. Once validated, the submittedtransaction becomes part of an immutable record (the distributedblockchain ledger) that represents creation of this asset.

In S20 and in correspondence with creation and/or submission of thetransaction to the blockchain, the outputs resulting from the blockchaintransaction are returned back to or detected by the system 600 and thetransaction is stored in the ledger storage 606. Such outputs mayinclude a blockchain transaction ID. An example transaction ID is shownin the screen shot of FIG. 7G.

The information stored in ledger storage may include the blockchaintransaction ID, a reference to the source and destination digitalwallets (or the unique identifiers), an asset identifier, and an amountof the asset that is subject to the transaction. Other data thatcorresponds to the transaction may be added to ledger storage 606 andlinked to the created blockchain transaction. Such information mayinclude the information represented in fields 712 shown in FIG. 2C. Forexample, whether the transaction has been validated on the blockchain,what block in the chain the validation is associated with, a rule 144date of the asset transaction, the price per share of the assettransaction, the investment value of the asset transaction, conditionsassociated with the asset transaction, etc . . . . It will beappreciated that these fields may vary based on what type of asset isbeing transacted and the type of transaction (issuance, transfer,re-classification, cancelation, etc . . . )

In S22, digital asset repository computer system 600 monitors, via theprocessor 608 and blockchain services 616, the blockchain 618 todetermine when the submitted transaction has been validated by theblockchain. Responsive to determining the submitted transaction has beenvalidated, ledger storage 606 is updated to reflect that the transactionstored in S20 has been validated by the blockchain. The digital assetrepository computer system 600 may determine that a transaction has beenvalidated by reviewing validated blocks of the blockchain 618 as theyare published.

FIG. 2C shows that issuance to an investor may be a two-step processthat requires two (or three) separate blockchain transactions. Here, theoperator of system 600 (e.g., Nasdaq) issues new shares as describedabove and expressly links this issuance to a transaction that isvalidated by the blockchain. The transaction submitted to the blockchainincludes a unique, public identifier of the asset and an amount of theasset. This information is represented by fields 710 (e.g., “Co. A:Common” may correspond to the unique identifier). As discussed above,this information is, along with information 712, stored in ledgerstorage 606.

After validating transaction 702, company A (a participant in system600) can issue 300 shares to participant 1 in the form of transaction706A. This transaction will be based on the same unique assetlD, buthave a different quantity associated with it.

In certain example embodiments, digital asset repository computer system600 may independently verify that the amount of assets being transferredfrom one participant to another participant is valid (e.g., that thefirst participant does “own” the assets being transferred). In otherwords, the blockchain may only verify that the underlyingcrypto-currency amount for the blockchain transaction is valid, and notvalidate the quantity of the asset transaction. For example, supposetransaction 706A and 706B were both for 300 shares. The blockchain mayverify both of these transactions as valid because the original assetissuance is from the asset identifier. However, the crypto-graphicprocess may not be able to determine that the sum of the amounts in thetwo transactions exceeds the initial 500 share allotment. Thus, digitalasset repository computer system 600 may perform an independent check toverify that the quantities being transacted on the blockchain for agiven asset are valid quantities.

FIGS. 3A-3C

FIG. 3A shows an example process for transferring assets from oneparticipant identifier to another participant identifier of the system600 shown in FIG. 1.

In S30, a user or system administrator with sufficient permission to acton behalf of a participant (e.g., investor A) provides user input touser device 614A or 614B, the user input indicating how many shares (orother quantity) are to be transferred and to whom (e.g., anotherparticipant) the shares are to be transferred to. In certain examples,the user also provides a price (e.g., a price per share or total price)that is associated with the transfer. In response to the provided userinput, the user device 614A or 614B sends an electronic message to thedigital asset repository computer system 600. The electronic message mayinclude the destination participant (e.g., a unique identifier for theparticipant), the source participant (e.g., a unique identifier for thesource participant), the asset (e.g., an asset identifier), and aquantity of the asset. The message is received by a transceiver (e.g., anetwork interface card) of the digital asset repository computer system600 and is passed to the user interface 610 or micro-services interface612 for processing. In certain examples, assets that a participant cantransfer may be presented to a user via a web page or the like. Forexample, FIG. 7F shows the number of shares that are associated withparticipant Leeta. In this illustration, the 500 k shares are “voided”because that quantity is associated with blockchain output that hasalready been spent (e.g., as shown in FIG. 7B). The new, and still valid466 k shares are associated with a blockchain transaction that hasunspent outputs. A user can then choose which assets to purchase orsell. Based on this selection, the electronic message (e.g., an order)may be generated and submitted to the digital asset repository computersystem 600.

For example, Leeta (or a user that is authorized to act on Leeta'sbehalf), may enter user input that indicates a request to transfer 50 kshares to Kira Nerys. In response to this input (and a correspondelectronic message that is sent to the computer system), computer systemwill (e.g., automatically) use the blockchain transaction that isassociated with the 466 k shares to make two further transactions (whichare combined into one blockchain transaction). The inputs from the blockchain transaction will be the 466 k shares from Leeta and the outputswill be 416 k to Leeta and 50 k to Kira.

In S32, an asset transfer request (e.g., as described above) is receivedand is mapped to pre-programmed functionality (e.g., a software program)that is executed by the processor 608.

In S34, processor 608 identifies the participants that will be involvedin the transaction. As part of this process, the processor 608 accessesparticipant storage 602 to verify the participants and retrieves uniqueidentifier public, and/or private key information. This information willbe used to later form and sign the blockchain transaction.

In S36, processor 608 extracts, from the electronic message submitted bya user device, the asset that is the subject of the requestedtransaction and verifies the asset by accessing asset storage 604.

In S38, the processor verifies that the source participant of thetransaction does, in fact, hold an appropriate quantity of the asset tocomplete the transaction. This verification is accomplished by accessingledger storage 606 and determining that the source participant isassociated with unspent output blockchain transactions that are linkedto a sufficient quantity of the asset in question. This process mayinclude summing multiple different blockchain transactions that areassociated with the source participant to determine a total assetquantity that is “owned” by the source participant. In certain examples,if the processor determines that the source participant does not ownsufficient quantity the transaction will be aborted and the ordersubmitting user notified. In certain examples, only transactions thathave been validated (e.g., those that are more than 1 block deep withinthe blockchain 618) are used to determine the total quantity owned bythe participant. In other examples, non-validated transactions are alsotaken into account. In certain examples, non-validated incomingtransactions of assets (e.g., the participant is the receiver) are nottaken into account, but outgoing transfers (e.g., the participant is thesender) of non-validated transactions are taken into account. As part ofthe verification process, in S40, the processor 608 may also query, viablockchain services 616, the blockchain to verify the asset ownership.

After verification, in S42, the processor will generate a blockchaintransaction based on private and public keys of the source participant,and any additional outputs that are needed from ledger storage 606 toformulate a further blockchain transaction. In certain examples, theblockchain transaction includes data from fields 806 and 822 of FIGS. 3Band 3C. The created blockchain transaction is then submitted, viablockchain services 616, to the blockchain 618 for validation.

In S44, in correspondence with submission of the newly createdblockchain transaction to the blockchain, ledger storage 606 is updatedwith information related to the submitted transaction. This informationmay include the data fields shown in 808 and 824 in addition to datafields 806 and 822 that make up part of the created blockchaintransaction.

In S46, digital asset repository computer system 600 monitors, viaprocessor 608 and blockchain services 616, the blockchain 618 todetermine when the previously submitted transaction has been validatedby the blockchain 618. Responsive to determining the submittedtransaction has been validated, the ledger storage is updated to reflectthat the stored transaction (from S44) is a validated blockchaintransaction. The digital asset repository computer system 600 maydetermine that a transaction has been validated by reviewing validatedblocks of the blockchain as they are published.

FIGS. 3B and 3C show example transactions that occur in relation totransferring digital assets between participants according to certainexample embodiments.

FIG. 3B is an example one to many transaction 810 (this may representmultiple blockchain transactions or one single blockchain transactions)that occurs between participant 1 and participants 2, 3, and 4. Incertain instances such a transaction is referred to as a distributingtransaction. Participant 1 is also included as an “output” because a newtransaction occurs between Participant 1 and Participant 1 to reflectthe reduced quantity of company A's common stock “owned” by Participant1. Data fields 806 represent information included on the blockchain anddata fields 808 represent data stored in ledger storage 606 and linkedto the blockchain transaction (but this information is not storeddirectly on the blockchain according to certain example embodiments).

FIG. 3C is an example of a many-to-one transaction 826. Such atransaction could represent a share-buyback exchange or one participant(Participant 1) buying out other stake holders (2, 3, and 4) in anasset. Data fields 822 are fields that are present and part of theblockchain transaction and data fields 824 are fields that existseparately from the blockchain and stored in ledger storage 606. Here,participants 2, 3, and 4 have unspent blockchain transactions associatedwith 100, 50, and 50 shares of common stock of company A. Each of theseunspent blockchain transactions is used as an input to form atransaction to Participant 1 that includes 200 shares of company Acommon stock. This newly created transaction is then submitted to theblockchain for verification. In certain examples, while the blockchainmay verify that the unspent satoshi's (or other unit that is used forthe blockchain) add up, there may be no blockchain verification that theasset quantities that ride along with the blockchain transactions addup. Accordingly, digital asset repository computer system 600 mayinclude its own validation program to ensure that all inputs for anasset quantity are accounted for as outputs for the transaction. Thus,digital asset repository computer system 600 verifies that the 100, 50,and 50 shares of common stock are no longer associated with theircorresponding participants and that 200 shares are now associated withparticipant 1.

It will be appreciated that one-to-many, many-to-one, and many-to-manytransfers may be advantageous when handling assets in the private equityspace. For example, in a traditional system the distribution of 20shares to 100 different employees would require 100 differenttransactions. However, according certain example embodiments discussedherein, this type of distribution may be accomplished with oneblockchain transaction that has 100 different outputs (or 101 if thesource has leftover assets) associated with different unique identifiersfor each of the employees (e.g., that may be participants in system600). One example of a many-to-many blockchain transaction may be whenan auction process is held as is shown in the example screens of FIGS.7C-7E.

As with the other examples, in correspondence with the submission of thenew transaction to the blockchain, one or more new records are createdin ledger storage 606. In certain examples, multiple records are created(e.g., a row in a database table or the like) linking to the sameblockchain transaction. In certain examples, one blockchain transactionrecord is created and added to ledger storage 606 that links to allthree inputs and the one output.

It will be appreciated that other types of blockchain transactions maybe created in connection with the example techniques described herein.For example, a many-to-many transaction (e.g., 2 or more inputs and 2 ormore outputs) may be used for a transaction.

An example blockchain transaction for an allocation transaction may haveinputs that include the asset identifier that is subject to theallocation, the participant identifier that is allocating some (or all)of their quantity, the amount that is “held” by the participantidentifier for that asset identifier, the transaction identifier (or ahash thereof) of the prior transactions that have unspent outputs, etc.If the participant that is allocating is not allocating all of theirheld quantity, then there will be two outputs, one to the transferee,and a remainder to the identifier of the transferor. Each of theseoutputs will be associated with a different blockchain address (e.g.,the remainder will be associated with the same participant identifier asthe source), and an amount of the asset being allocated.

FIG. 4

FIG. 4 shows an example process for registering participants that arethen allowed to interact with certain digitally based assets via theexample system shown in FIG. 1.

In S90, a user or system administrator with adequate permissions (e.g.,permissions to create new participants) provides input to acorresponding user device that sends an electronic message via the userinterface 612 or other API requesting that digital asset repositorycomputer system 600 create a new participant for the system.

In S92, in response to reception of this message, the request includedin the message is mapped to an appropriate command that is included aspart of the API and then sent to the processor for execution

In S94, in accordance with execution of the commands by the processor, anew participant will be created within the system. In certain exampleembodiments, a digital wallet or digital walletld (e.g. a bitcoinaddress) may be created and assigned to the newly created participant.

Other types of functionality may also be supported by the digital assetrepository computer system 600. For example, shares that are issued to aparticipant may be revoked (e.g., by the issuing company) or destroyedby the operator of the digital asset repository computer system 600. Inthe case of revocation, a new blockchain transaction may be created thatsends the revoked shares from the digital wallet of the participant tothe digital wallet of the company. In the case of destruction of theshares (e.g., the company is disbanded, etc . . . ), the operator of thedigital asset repository computer system 600 may create a blockchaintransaction that indicates the shares of have been destroyed. In certainexamples, the digital asset repository computer system 600 may delete(or mark as deleted) the asset type from asset storage 604. This actionwould effectively render the data that is included as part of thevarious blockchain transactions irrelevant or meaningless.

It will be appreciated that such actions are may possible becausedigital asset repository computer system 600 controls the variousprivate keys for each of the participants that are associated withunspent outputs on the blockchain 618. Thus, the digital assetrepository computer system 600 may issue new transactions that movessuch outputs to blockchain addresses that would effectively remove theasset from the “market.”

In certain examples, the digital asset repository computer system 600may change the class of share that is associated with a transactions. Incertain examples, this may include updating the type in the assetstorage or creating a new share class. In accordance with this change, aparticipant that previously owned the type of “old” class may have theirshares canceled (e.g., moved from their digital wallet to the digitalwallet of the company) and also have new shares in the “new” classconcurrently issued (from the digital wallet of the company to thedigital wallet of the participant). In other examples, a new asset maybe created as described above (e.g., with the new share class) and twotransactions may be formed. The first may revoke the old share class andthe second may issue the new share class. The information associatedwith such blockchain transactions may then be recorded in ledger storage606.

In certain examples, an asset transaction may be corrected by thedigital asset repository computer system 600. In certain instances, thismay involve creating another blockchain transaction that effectivelycancels out the previously submitted blockchain transaction. In certainexamples, the metadata that is stored in the ledger storage may beupdated independently of the blockchain transaction that is associatedwith it. For example, the SEC rule 144 date may be a data field thatonly exists in ledger storage. Thus, the rule 144 date may be updatedwithout reference to the corresponding blockchain transaction. Otherfields in ledger or asset storage may be similarly updated. In certainexample embodiments, a hash of the information that is not stored aspart of the blockchain transaction may be incorporated into theblockchain transaction. For example, each of the extra fields may beconcatenated and then hashed. The resulting hash value may be added tothe blockchain transaction. This additional verification may preventchanging data fields that are not directly incorporated into theblockchain.

FIG. 5

FIG. 5 is a non-limiting example function block diagram of a centralizedcomputer system (e.g., centralized because one entity controls thecomputer and the operations that are programmed into the computer) thatinterfaces with a blockchain according to certain example embodiments.In certain example embodiments, a centralized computer system 1000electronically stores (e.g., in a database as part of an electronicstorage system) an electronic version 1002 of a contract such as, forexample, a stock purchase agreement (SPA) or a stock transfer agreement(STA). In certain example embodiments, the digital asset repositorycomputer system 600 includes the centralized computer system 100. Thecreated contract may specify a pending allocation of shares, a class ofshares, certain types of investor (or a particular investor), etc . . .that are eligible to act against the contract (e.g., to acquire theshares). In certain examples other electronic documents are associatedand linked to the allocation contract (e.g., that define voting rights,a transfer agreement, and the like).

An electronic document may have a required number of signatures orsignature blocks that must be fulfilled for the document to beconsidered executed. In the example shown in FIG. 5, electronic contract1002 requires 4 different signatures. As shown in FIG. 5, computersassociated with entities 1, 2, 3, and 4 communicate (e.g., viaelectronic data messages) with centralized computer system 1000 toprovide electronic signatures that are applied to electronic contract1002. In certain example embodiments, the signatures may be a trueelectronic signature (e.g., which can be thought of as a contract wherean individual agrees their signature is represented by clicking abutton, or the like, via a computer), a photo copy of a traditionalsignature, or a cryptographic digital signature.

In certain example embodiments, the created contract is hosted by andstored by, for example, centralized computer system 1000 and may beaccessed and viewed by participants or entities that may be party to thecontract. Such access may be provided by way of a web site or othertechnique for allowing entities to remotely access, view, and interactwith (e.g., sign) the contract at issue. Such access may be provided viadesktop computers or mobile computing devices (e.g. a smartphone,tablet, laptop, etc . . . )

Upon signature of the contract by the entities (e.g., by one, or more,or all of entities 1-4) an electronic version of the document may becreated (e.g., as a PDF) and saved with the provided signatures. Incertain example embodiments, in addition to applying signatures to theelectronically stored document, the central computer system 1000 may adda verification logo or other sign that indicates that the contract(e.g., upon reception of all required signatures) has been validatedand/or verified by the centralized computer system 1000 (or the legalentity that controls the computer system). In certain exampleembodiments, the verification may include a cryptographic signature(e.g. a digital signature) indicating the entity that has verifiedand/or authenticated the nature of the document (e.g., that it has beenproperly executed by the required parties).

In certain example embodiments, upon execution of a document or contract(e.g., where all entities that are required to sign have, in fact,signed the document), a transfer of funds process may be started. Thefunds transfer process may be provided and initiated from thecentralized computer system 1000. In certain examples, the web site thatdisplays the contract information (e.g. ,through which the partiessubmit their signatures) also provides an interface to trigger a paymentprocess. In certain example embodiments, this payment process is onlyavailable (e.g., visible or triggerable) through the website upon adetermination (e.g., by the centralized computer system) that allrequired parties have signed document 1002. The contract may be, forexample, a contract to provide a certain number of shares to a givenindividual in return for a certain amount of money.

In certain example embodiments, a payment process may be facilitated bya third party transfer agent that enables the transfer of money betweentwo different entities. As described herein and unless otherwisespecified, the transfer agent generally refers to a computer system thatis operated on behalf of the transfer agent. In other words, unlessotherwise specified, the transfer agent is a computer system that isappropriately programmed (e.g., via application programming interfacesor software services) that allows other computers to request thetransfer of funds from one account to at least one other computeraccount.

In the example in FIG. 5, entities 3 and 4 are the two entities forwhich funds will be exchanged (e.g., entity 3 is issuing private equityshares which are being purchased for a certain amount by entity 4) Inthis example, entities 3 and 4 may have previously setup accounts withtransfer agent 1004 (e.g., similar to how a bank account may operate toindicate where the money will be withdrawn from and where it will bedeposited to).

In certain example embodiments, the entities may provide their accountinformation to the centralized computer system 1000 that then interfaces(e.g., via a web service or other application interface provided on thetransfer agent) with the transfer agent upon execution of the contractto thereby trigger the payment process action. The account informationprovided to the centralized computer system 1000 is transmitted to thetransfer agent that they performs the requested transaction. Forexample, centralized computer system 1000 communicates with transferagent (e.g., over network 1001 and via appropriately programmed softwareservices) to trigger a transfer of funds from the account associatedwith entity 4 with transfer agent 1004 to the account of entity 3 thatis associated with the transfer agent. As a result of a successful fundstransfer, transfer agent 1004 may generate a secure API token that ispassed back to the centralized computer system 1000. The token mayrepresent a receipt of sorts that the transfer of funds has beensuccessful. In certain example embodiments the token is a hash or one ormore characteristics of the transfer that occurred.

Alternatively, or in addition and as explained in greater detail below,the funds transfer process may occur entirely within the centralizedcomputer system (and blockchain 1006 to which it interfaces) instead ofrelying or using a third party for transferring the funds associatedwith the electronically stored contract.

Upon reception of a response (e.g., the token) from the transfer agentthat indicates the transfer of funds has been successfully initiated,the centralized computer system then triggers a process to create apermanent record on the blockchain for the electronically executedcontract (e.g., which may be allocation of private equity stock).

The permanent record is stored as a transaction on the blockchain. Theblockchain transaction that is created may include the followinginformation regarding the transaction between the issuer and investorentities: 1) The legal names and address of the issuer and investor (andperhaps any other person who signed the electronic document, 2) thenumber of shares associated with the transaction, 3) the price of eachshare (or the total price of the transaction), 4) the class of sharesthat were issued or transferred, 5) the date of the execution (e.g.,when the electronic document was executed), 6) the 144 date for thetransaction, 7) hashed values of all of the documents associated withthis transaction (e.g., there could be more than one document that issigned per issuance, 8) data or hashes for every signature that wasexecuted (e.g. the contract name, the signer, timestamp, and additionalmetadata associated with the electronic signature), 9) data associatedwith the funds transfer (e.g., account information, the token associatedwith the transaction, the timestamp, a transaction ID for the fundstransfer procedure, or the like). This and other information may beincluded as part of a formed blockchain transaction that is submitted tothe blockchain for verification and incorporation therein.

It will be appreciated that the nature of the information included aspart of the blockchain may be based on specific application needs. Forexample, regulatory or contract needs may require the specification ofcertain data fields, while others are excluded. In certain examples, theinformation contained in the blockchain may include a token or uniqueidentifier that acts to point to an internal database maintained by thecentralized computer system 1000 (e.g., as described above in connectionwith FIGS. 1-4). As the information regarding the transactions are partof a publically available distributed ledger of the blockchain,independent parties (e.g., auditors, regulatory agencies) can verify andsee the nature of the transaction that has occurred.

It will be appreciated that, the conventional processes for how suchcontracts and their execution were handled in the past could be errorprone and/or time consuming. The computer system and automated processes(e.g., software programs) described herein brings many separateprocesses that were separately handled as part of an ad hoc processunder the control of a single computer system (e.g., controlled by oneentity) that provides a more centralized and predicable control for theexecution and recordation of a contract (such as the allocation ortransfer of private equity instruments). For example, the transfer offunds between two parties may only be allowed once the contract has beensigned by all required parties. This verification is programmaticallyenforced by the centralized computer system 1000 based on reception of,for example, the provided secure token and/or account information. Thisinformation, along with the particulars of the executed contract, isincluded (expressly or via a reference token that references aninternally provided database) in a blockchain transaction generated,submitted, and then verified by the distributed system that makes up theblockchain. In short, all information that is required for thetransaction (e.g., an allocation or issuance of a private equity) may beincluded as part of the blockchain transaction. This aspect may befacilitated, as least in part, by the centralized computer system 1000being involved in every aspect of the transaction (e.g., from creationof the contract, to execution, to fulfillment of terms of the contract,to recordation and storage of the contract, etc . . . ).

An implementation that stores all of this information in a repository(e.g., the blockchain) is advantageous because, for example, an auditormay reference this information without having to hunt down informationat different locations (e.g., by visiting different law firms,companies, or individuals). In certain examples, a subset of theinformation associated with a transaction may be stored on theblockchain and the superset may be stored in a database of thecentralized computer system 1000. These two information data sets may belinked through the use of a token or other key (e.g., a pointer) storedin the blockchain transaction and provides a reference back to theinternally maintained databased. In such instances, an auditor (or otherindividual) may still find this implementation advantageous as therequired data is contained on the blockchain and/or the centralcomputing system.

In certain example embodiments, a smart contract may be integrated(e.g., entirely) into the blockchain system. In this type ofimplementation, the “contract” may be tied to a blockchain address thatis capable of receiving and holding assets. The assets (e.g., digitaltokens, shares, digital currency) may be released or transferred uponsatisfaction of specific conditions defined by the contract. In otherwords, it is an autonomous, programmatic construct that may functionlike an escrow agent.

FIG. 6

FIG. 6 is signaling diagram for an example (e.g., atomic) blockchaintransaction performed between an issuer identifier on the blockchain, acontract address on the blockchain, and an investor address on theblockchain. Here, three different blockchain entities (e.g., differentblockchain addresses as discussed herein) are used for executing a smartcontract. Blockchain issuer 1102 may be associated with a company thatis issuing private equity shares or the like. Blockchain investor 1106may be a person who is looking to invest in the company. And blockchaincontract 1104 is, as discussed above, an autonomous agent that holds theshares that are being distributed by the company until satisfaction ofcertain defined programmatic conditions.

In step 1110, the blockchain issuer creates a share transfer agreement(STA) and allocates shares to a blockchain address associated with thecontract (i.e., blockchain contract 1104) in step 1112. The contractincludes a programmatic script that must be satisfied in order for theshares assigned to the blockchain contract address 1104 to be released(e.g., to the investor). The contract may include all of the shares,prices, terms, etc. associated with owning the shares. An examplecontract is shown in FIG. 7H. Once the shares are allocated toblockchain contract 1104 (e.g., 1 in the case of FIG. 7H), the sharesare available and may not be removed without satisfying the programmaticterms of the SPA. In certain examples, there may be additional clausesor options that allow blockchain issuer 1102 to cancel the contract(e.g., prior to execution by blockchain investor 1106). For example, thecontract (e.g. the offer for shares to purchase) may be automaticallycanceled after 7 days.

It will be appreciated that the issuance of the contract in step 1112,is more than just recording the nature of the contract, but ratherrepresents legal intent with the committed assets (e.g., the offeredshares). In other words, if the conditions of the blockchain transactionare satisfied, the assets are legally transferred upon execution of theblockchain transaction associated with the asset. Accordingly, theblockchain contract address 1104 may be similar in function to escrow.

Once the contract and shares are associated with blockchain contract1104, the investor associated with blockchain investor may review theterms of the contract at step 114 (e.g., such as through a web page orthe like as shown in FIG. 7H). In certain examples, the terms of thecontract (e.g., the payment of digital or other currency to theblockchain issuer 1102 address) must be satisfied for blockchaincontract 1104 to release the shares to blockchain investor 1106. Here,the terms of the contract may be embodied in a programmatic script thatis associated with the blockchain transaction that is holding the sharesto be purchased. Only upon satisfaction of the terms of the script (ormore precisely the terms set forth in the programmatic script) will theshares be transferred to another blockchain address.

After reviewing the terms of the STA in step 1114, if the investor isstill interested he may create a blockchain transaction to accept thetransaction or allocation. For this process, the investor creates ablockchain transaction that includes inputs of (1) digital currency(this may be a token for real currency as well) from blockchain Investor1106 and (2) shares in the contract from blockchain contract 1104; andoutputs of (1) currency (this may be a token for real currency as well)to blockchain issuer 1102 in 1116 and (2) shares to blockchain investor1106 in 1118. This blockchain transaction (two inputs and two outputs)is a single atomic transaction 1115 submitted to the blockchain forverification thereby.

The transfer is validated (e.g., programmatically) against thevalidation logic associated with the contract (e.g., a script that isassociated with the transaction). In certain examples, blockchaincontract 1104 may require digitally co-signing the transaction torelease the shares and may only do so if the right conditions are met(e.g., if the amount of currency provided by the investor equals thevalue of the shares to be acquired). For example, the validation mayinclude validating that there is a sufficient amount of digital currencyto authorize the transfer of the requested number of shares. The natureof the validation of the blockchain transaction submitted from theinvestor is determined by the programmatic logic that is part of theallocated contract. This validation is, essentially, “controlled” by theautonomous blockchain contract address (e.g., via the scripted rulesassociated with the contract). In certain examples, the validation maybe performed by having an escrow party also digitally sign thetransaction to indicate that the required amount of funds has beendeposited and is ready to be transferred to the issuer.

The flexibility of this approach may mean that different types ofinformation may be needed for validating or satisfying the contractterms (e.g., beyond merely sending sufficient funds). For example, ahashed value of the electronic contract may be created and submitted tothe blockchain contract address. Part of the scripted logic may be tocheck if a hashed value received from the investor matches the hashedvalued that was originally used from the issuer. In other words, theinput from the blockchain investor 1106 may include a hash of thedocument of the contract (e.g., to represent that the investor has readand understood the contract terms) that is checked against a hash of thecontract that was used by the issuer. Accordingly, different types ofrules (e.g., logic) may be part of the “contract” for automating theexecution of the contract.

In step 1120 the contract is marked as executed and a certificate (e.g.,for the newly obtained shares) is created for the investor in step 1122.An example certificate and the information that may displayed to a userconcerning the same is shown in FIGS. 7G and 7H.

The approach described in FIG. 6 may make all the relevant informationavailable on the blockchain by default, as both the blockchain contractaddress and the participants are entities on the blockchain network.Accordingly, there are no steps that occur out of blockchain.

FIG. 8

FIG. 8 is a block diagram of an exemplary computing system 800 accordingto certain example embodiments (e.g., a digital asset repositorycomputer system as described in FIGS. 1-6, a user device as shown inFIGS. 1, 2B, 3A, or 4, a computing node that is part of a distributedcomputing system used to process and maintain a blockchain, onecomputing system out of multiple computing systems that make up acomputer system—such as the digital asset repository computer system asdescribed herein, etc . . . ). Computing system 1300 includes aprocessing system 1302 with CPU 1, CPU 2, CPU 3, CPU 4, a system bus1304 that communicates with RAM 1306, and storage 1308. The storage 1308can be magnetic, flash based (e.g., for a mobile client device), solidstate, or other storage technology. The system bus 1304 communicateswith user input adapter 1310 (e.g., PS/2, USB interface, or the like)that allows users in input commands to computing system 1300 via a userinput device 1312 (e.g., a keyboard, mouse, touch panel, or the like).The results of the processing may be displayed to a user on a display1316 (e.g., an LCD) via display interface 1314 (e.g., a video card orthe like).

The computing system 1300 may also include a network interface 1318(e.g., a transceiver) to facilitate wired (e.g., Ethernet—802.3x) and/orwireless communication (WiFi/802.11x protocols, cellular technology, andthe like) with external systems 1322, databases 1320, and other systemsvia network 1324. External systems 1322 may include other processingsystems, systems that provide third party services, computing nodes suchas miners for the blockchain, etc. External systems 1322 may be clientdevices or server systems.

External systems 1322 may also include network attached storage (NAS) tohold large amounts of data. External systems, along with the internalstorage and memory, may form a storage system for storing andmaintaining information (e.g., blockchain information, assetinformation, order book information, routing strategies, etc . . . ).Such a system may communicate with users and/or other computing systemsthat process electronic order data messages. The database 1320 mayinclude relational, object orientated, or other types of databases forstoring information (e.g., supplementary data that is associated with ablockchain transaction or a digital asset or resource that isrepresented on the blockchain, order book information for a financialinstrument).

The computer system may be arranged, in various embodiments, in manydifferent ways. As just one example, the computing system may bearranged such that processors include: a multi (or single)-coreprocessor; a first network interface device (which implements, forexample, WiFi, Bluetooth, NFC, etc . . . ); a second network interfacedevice that implements one or more cellular communication technologies(e.g., 3G, 4G LTE, CDMA, etc . . . ); memory or storage devices (e.g.,RAM, flash memory, or a hard disk). The processor, the first networkinterface device, the second network interface device, and the memorydevices may be integrated as part of the same SOC (e.g., one integratedcircuit chip or a “system-on-chip”). As another example, the computingsystem may be arranged such that: the processors include two, three,four, five, or more multi-core processors; the network interface devicesinclude a first network interface device that implements Ethernet and asecond network interface device that implements WiFi and/or Bluetooth;and the memory devices include a RAM and a flash memory or hard disk.

In other words, the processes, techniques, and the like, describedherein (for client devices, server, exchange, and/or controller systems)may be implemented on a computing system. Such implementations may thenconfigure or program the processing system to carry out aspectsaccording to certain example embodiments. It will be appreciated thatother architecture types may be used. For example, a single CPU may beused instead of multiple CPUS. Alternatively, a processing system mayinclude multiple CPU “cores.” Further, the various elements shown inconnection with FIG. 8 may be included into one cohesive physicalstructure (e.g., such as a tablet device). The components andfunctionality shown in FIGS. 1-7H may be implemented on or inconjunction with the example computing system shown in FIG. 8 (e.g., tothereby create a specific purpose computing machine or a new use of anexisting machine).

As described herein when a software module or software process performsany action, the action is in actuality performed by underlying hardwareelements according to the instructions that comprise the softwaremodule. In various embodiments, computing system 600, user devices 614Aand 614B, blockchain 618, centralized computer system 1000, blockchain1006, storage 602, 604, and 606, blockchain services 616, user interface612, micro-services API 610, etc . . . , each of which will be referredto individually for clarity as a “component” for the remainder of thisparagraph, are implemented using an example of the computing system 1300of FIG. 8. In such embodiments, the following applies for eachcomponent: (a) the elements of the 1300 computing system 1300 shown inFIG. 8 (i.e., the one or more processors 1302, one or more memorydevices 1306 or 1308, one or more network interface devices 1318, one ormore display interfaces 1314, and one or more user input adapters 1310),or appropriate combinations or subsets of the foregoing) are configuredto, adapted to, and/or programmed to implement each or any combinationof the actions, activities, or features described herein as performed bythe component and/or by any software modules described herein asincluded within the component; (b) alternatively or additionally, to theextent it is described herein that one or more software modules existwithin the component, in some embodiments, such software modules (aswell as any data described herein as handled and/or used by the softwaremodules) are stored in the memory devices 1306 and/or 1308 (e.g., invarious embodiments, in a volatile memory device such as a RAM, in aninstruction register, and/or in a non-volatile memory device such as aflash memory or hard disk) and all actions described herein as performedby the software modules are performed by the processors 1302 inconjunction with, as appropriate, the other elements in and/or connectedto the computing system 1300 (i.e., the network interface devices 1318,display interfaces 1314, user input adapters 1310, and/or display device1316); (c) alternatively or additionally, to the extent it is describedherein that the component processes and/or otherwise handles data, insome embodiments, such data is stored in the memory devices (e.g., insome embodiments, in a volatile memory device such as a RAM and/or in anon-volatile memory device such as a flash memory or hard disk) and/oris processed/handled by the processors 1302 in conjunction, asappropriate, the other elements in and/or connected to the computingsystem 1300 (e.g., the network interface devices 1318, displayinterfaces 1308, user input adapters 1310, and/or display device 1316);(d) alternatively or additionally, in some embodiments, memory devicesstore instructions that, when executed by the processors 1302, cause theprocessors 1302 to perform, in conjunction with, as appropriate, theother elements in and/or connected to the computing system 1300, each orany combination of actions described herein as performed by thecomponent and/or by any software modules described herein as includedwithin the component.

Technical Advantages of Described Subject Matter

In certain example embodiments, provenance and chain of custodyinformation is provided via the blockchain and blockchain transactionsare individually associated with corresponding records that are storedin a separate computer system. The provenance and chain-of-custodyinformation is secured through the use of the cryptographicallyverifiable operations that form the blockchain.

In certain example embodiments, a user interface (e.g., via a web siteor the like) is provided and allows participants to view transactionsthat are associated with a particular asset or resource. This allowsparticipants to visualize the provenance and chain of custodyinformation.

In certain example embodiments, data transaction requests may besubmitted to the computer system. The data transaction requests may beassociated with creating or issuing an asset, allocation of an asset todifferent participants, requests to perform an electronic auctionprocess, requests to perform a transaction and/or settle with a thirdparty agent.

Selected Terminology

Whenever it is described in this document that a given item is presentin “some embodiments,” “various embodiments,” “certain embodiments,”“certain example embodiments, “some example embodiments,” “an exemplaryembodiment,” or whenever any other similar language is used, it shouldbe understood that the given item is present in at least one embodiment,though is not necessarily present in all embodiments. Consistent withthe foregoing, whenever it is described in this document that an action“may,” “can,” or “could” be performed, that a feature, element, orcomponent “may,” “can,” or “could” be included in or is applicable to agiven context, that a given item “may,” “can,” or “could” possess agiven attribute, or whenever any similar phrase involving the term“may,” “can,” or “could” is used, it should be understood that the givenaction, feature, element, component, attribute, etc. is present in atleast one embodiment, though is not necessarily present in allembodiments. Terms and phrases used in this document, and variationsthereof, unless otherwise expressly stated, should be construed asopen-ended rather than limiting. As examples of the foregoing: “and/or”includes any and all combinations of one or more of the associatedlisted items (e.g., a and/or b means a, b, or a and b); the singularforms “a”, “an” and “the” should be read as meaning “at least one,” “oneor more,” or the like; the term “example” is used provide examples ofthe subject under discussion, not an exhaustive or limiting listthereof; the terms “comprise” and “include” (and other conjugations andother variations thereof) specify the presence of the associated listeditems but do not preclude the presence or addition of one or more otheritems; and if an item is described as “optional,” such descriptionshould not be understood to indicate that other items are also notoptional.

As used herein, the term “non-transitory computer-readable storagemedium” includes a register, a cache memory, a ROM, a semiconductormemory device (such as a D-RAM, S-RAM, or other RAM), a magnetic mediumsuch as a flash memory, a hard disk, a magneto-optical medium, anoptical medium such as a CD-ROM, a DVD, or Blu-Ray Disc, or other typeof device for non-transitory electronic data storage. The term“non-transitory computer-readable storage medium” does not include atransitory, propagating electromagnetic signal.

Additional Applications of Described Subject Matter

Although process steps, algorithms or the like, including withoutlimitation with reference to FIGS. 1-6, may be described or claimed in aparticular sequential order, such processes may be configured to work indifferent orders. In other words, any sequence or order of steps thatmay be explicitly described or claimed in this document does notnecessarily indicate a requirement that the steps be performed in thatorder; rather, the steps of processes described herein may be performedin any order possible. Further, some steps may be performedsimultaneously (or in parallel) despite being described or implied asoccurring non-simultaneously (e.g., because one step is described afterthe other step). Moreover, the illustration of a process by itsdepiction in a drawing does not imply that the illustrated process isexclusive of other variations and modifications thereto, does not implythat the illustrated process or any of its steps are necessary, and doesnot imply that the illustrated process is preferred.

For each embodiment described herein where blockchain technology is usedfor a particular purpose or feature, it should be understood thatblockchain technology is just one example of a technology that may beused for such purpose/feature; in various other embodiments, other typesof distributed ledger technology, distributed database technology,and/or smart contracts technology may be used in place of and/or inconjunction with blockchain technology for such purpose/feature.

Although various embodiments have been shown and described in detail,the claims are not limited to any particular embodiment or example. Noneof the above description should be read as implying that any particularelement, step, range, or function is essential. All structural andfunctional equivalents to the elements of the above-described preferredembodiment that are known to those of ordinary skill in the art areexpressly incorporated herein by reference and are intended to beencompassed. Moreover, it is not necessary for a device or method toaddress each and every problem sought to be solved by the presentinvention, for it to be encompassed by the invention. No embodiment,feature, component, or step in this specification is intended to bededicated to the public.

1. An electronic resource tracking and storage computer system that isconfigured to communicate with computing nodes of a distributedblockchain computing system that maintains a blockchain , the electronicresource tracking and storage computer system comprising: a computerstorage system configured to store: a plurality of blockchainparticipant identifiers that are each associated with at least onecryptographic key, each of the plurality of blockchain participantidentifiers associated with a corresponding one of plural differentparticipants, and a plurality of blockchain resource identifiers thatare associated with at least one resource cryptographic key; aprocessing system that includes at least one hardware processor coupledto the computer storage system and the transceiver, the processingsystem configured to: in response to reception of a digital resourceissuance request, create a new digital resource identifier, the newdigital resource identifier identifying a new resource associated withthe digital resource issuance request, wherein the new digital resourceidentifier is associated with a corresponding cryptographic key;generate a blockchain transaction that is to a participant blockchainidentifier of a first participant of the plural different participants,the generated blockchain transaction including the new digital resourceidentifier and a quantity value that indicates a quantity for the newresource; sign the generated blockchain transaction with thecorresponding cryptographic key that is associated with the new digitalresource identifier; submit the generated blockchain transaction to thedistributed blockchain computing system for incorporation into theblockchain that is maintained by the distributed blockchain computingsystem; in correspondence with publishing the generated blockchaintransaction to the distributed blockchain computing system, store, tothe computer storage system, a new transaction record that includes atleast some of the data included in the generated blockchain transactionand additional transaction data that was not included in the generatedblockchain transaction; and update, based on incorporation of thesubmitted blockchain transaction into the blockchain, the newtransaction record that is stored in the computer storage system.
 2. Theelectronic resource tracking and storage computer system of claim 1,wherein the participant blockchain identifier includes plural differentparticipant blockchain identifiers with different outputs for thegenerated transaction associated with different ones of the pluraldifferent participant blockchain identifiers.
 3. The electronic resourcetracking and storage computer system of claim 1, wherein the processingsystem is further configured to: begin a first process, during whichparticipants submit data transaction requests to send or receive amountsof the resource that is associated with the new digital resourceidentifier; close the first process to reception of data transactionrequests from the participants; generate a single blockchain transactionthat includes inputs that correspond to source participant blockchainidentifiers and outputs that correspond to destination participantblockchain identifiers, wherein the inputs are based on at some of thedata transactions requests to send amounts of the resource and theoutputs are based on some of the data transactions requests to receiveamounts of the resource; and submit the single blockchain transaction tothe distributed blockchain computing system.
 4. The electronic resourcetracking and storage computer system of claim 3, wherein the outputs aredirected to source participant blockchain identifiers for unspentamounts of the resource.
 5. The electronic resource tracking and storagecomputer system of claim 1, wherein the generated blockchain transactionincludes a hash value of the additional transaction data that was notincluded in the generated blockchain transaction.
 6. The electronicresource tracking and storage computer system of claim 1, wherein thegenerated blockchain transaction is also signed by at least twodifferent cryptographic keys.
 7. The electronic resource tracking andstorage computer system of claim 6, wherein a cryptographic keyassociated with the electronic resource tracking and storage computersystem is one of the at least two different cryptographic keys.
 8. Theelectronic resource tracking and storage computer system of claim 1,wherein the processing system is further configured to: receive aresource allocation request that identifies at least a secondparticipant that will be allocated at least a portion of an unspentoutput of the generated blockchain transaction; and generate a secondblockchain transaction that includes data from the output of thegenerated blockchain transaction as an input for the second blockchaintransaction; submit the second generated blockchain transaction to thedistributed blockchain computing system for incorporation into theblockchain that is maintained by the distributed blockchain computingsystem; in correspondence with submission of the second generatedblockchain transaction, store, to the computer storage system, a secondtransaction record that includes at least some of the data included inthe second generated blockchain transaction and additional transactiondata that was not included in the second generated blockchaintransaction.
 9. The electronic resource tracking and storage computersystem of claim 1, further comprising: the distributed blockchaincomputing system, wherein the blockchain is a private blockchain.
 10. Amethod of electronic resource tracking using an electronic resourcetracking and storage computer system that is configured to communicatewith computing nodes of a distributed blockchain computing system thatmaintains a blockchain, the electronic resource tracking and storagecomputer system storing (a) a plurality of blockchain participantidentifiers that are each associated with at least one cryptographickey, each of the plurality of blockchain participant identifiersassociated with a corresponding one of plural different participants,(b) a plurality of blockchain resource identifiers that are eachassociated with at least one resource cryptographic key, the methodcomprising: receiving a resource issuance request for issuance of a newresource; in response to reception of the resource issuance request,creating a new digital resource identifier, the new digital resourceidentifier identifying the new resource and the new digital resourceidentifier being associated with a corresponding cryptographic key;generating a blockchain transaction that is to a participant blockchainidentifier of a first participant, the generated blockchain transactionincluding the new blockchain resource identifier and a quantity valuethat indicates a quantity for the new resource; digitally signing thegenerated blockchain transaction with the corresponding cryptographickey that is associated with the new digital resource identifier;submitting the generated blockchain transaction to the distributedblockchain computing system for incorporation into the blockchain thatis maintained by the distributed blockchain computing system; incorrespondence with submitting the generated blockchain transaction tothe distributed blockchain computing system, storing, to the storagecomputer system, a new transaction record that includes at least some ofthe data included in the generated blockchain transaction and additionaltransaction data that was not included in the generated blockchaintransaction; and updating, based on incorporation of the submittedblockchain transaction into the blockchain, the new transaction recordto indicate that the generated transaction has been added to theblockchain.
 11. The method of claim 10, further comprising: beginning afirst process, during which participants submit data transactionrequests to send or receive amounts of the resource that is associatedwith the new digital resource identifier; closing the first process toreception of data transaction requests from the participants; generatinga single blockchain transaction that includes inputs that correspond tosource participant identifiers and outputs that correspond todestination participant identifiers, wherein the inputs are based on atsome of the data transactions requests that intend to send amounts ofthe resource and the outputs are based on some of the data transactionsrequests that intend to receive amounts of the resource; and submittingthe single blockchain transaction to the distributed blockchaincomputing system.
 12. The method of claim 10, wherein the generatedblockchain transaction includes a hash value of the additionaltransaction data that was not included in the generated blockchaintransaction.
 13. The method of claim 10, wherein the generatedblockchain transaction is also signed by at least a second cryptographickey.
 14. The method of claim 13, wherein the second cryptographic isassociated with the electronic resource tracking and storage computersystem.
 15. The method of claim 10, further comprising: receiving aresource allocation request that identifies at least a secondparticipant that will be allocated an unspent output of the generatedblockchain transaction; and generating a second blockchain transactionthat includes data from the output of the generated blockchaintransaction as an input for the second blockchain transaction;submitting the second generated blockchain transaction to thedistributed blockchain computing system; in correspondence withsubmitting the second generated blockchain transaction to thedistributed blockchain computing system, storing, to the computerstorage system, a second transaction record that includes at least someof the data included in the second generated blockchain transaction andadditional transaction data that was not included in the secondgenerated blockchain transaction.
 16. A non-transitory computer readablestorage medium having stored thereon computer readable instructions foruse with an electronic resource tracking and storage computer systemthat includes at least one processor, a memory, and a transceiver, theelectronic resource tracking and storage computer system configured tocommunicate with computing nodes of a distributed blockchain computingsystem that maintains a blockchain, the memory configured to store (a) aplurality of blockchain participant identifiers that are each associatedwith at least one cryptographic key, each of the plurality of blockchainparticipant identifiers associated with a corresponding one of pluraldifferent participants, (b) a plurality of blockchain resourceidentifiers that each correspond to a resource that is tracked on theblockchain, the stored computer readable instructions comprisinginstructions that, when executed by the at least one processor, causethe computer system to: receive a resource issuance request for issuanceof a new resource; in response to reception of the resource issuancerequest, store, to the memory, a new digital resource identifier and acorresponding a corresponding cryptographic key, the new digitalresource identifier identifying the new resource; generate a blockchaintransaction that is to a participant blockchain identifier of a firstparticipant, the generated blockchain transaction including the newdigital resource identifier and a quantity value that indicates aquantity for the new resource; sign the generated blockchain transactionwith the corresponding cryptographic key that is associated with the newdigital resource identifier; submit the generated blockchain transactionto the distributed blockchain computing system to be incorporatedtherein; in correspondence with submitting the generated blockchaintransaction to the distributed blockchain computing system, store, tothe memory, a new transaction record that includes at least some of thedata included in the generated blockchain transaction and additionaltransaction data that was not included in the generated blockchaintransaction; and subsequent to incorporation of the generated blockchaintransaction into the blockchain, update the new transaction record toindicate that the generated transaction.
 17. The non-transitory computerreadable storage medium of claim 16, wherein the stored computerreadable instructions comprise further instructions that, when executedby the at least one processor, cause the computer system to: begin afirst process, during which participants submit data transactionrequests to send or receive amounts of the resource that is associatedwith the new digital resource identifier; close the first process toreception of data transaction requests from the participants; generate asingle blockchain transaction that includes inputs that correspond tosource participant identifiers and outputs that correspond todestination participant identifiers, wherein the inputs are based on atsome of the data transactions requests to send amounts of the resourceand the outputs are based on some of the data transactions requests toreceive amounts of the resource; and submit the single blockchaintransaction to the distributed blockchain computing system.
 18. Thenon-transitory computer readable storage medium of claim 16, wherein thegenerated blockchain transaction includes a hash value of the additionaltransaction data that was not included in the generated blockchaintransaction.
 19. The non-transitory computer readable storage medium ofclaim 16, wherein the generated blockchain transaction is also signed bya second cryptographic key.
 20. The non-transitory computer readablestorage medium of claim 19, wherein the second cryptographic key isassociated with the electronic resource tracking and storage computersystem.